CVE-2025-22226
Published: 04 March 2025
Summary
CVE-2025-22226 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Vmware Esxi. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611); ranked in the top 11.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability stemming from an out-of-bounds read in the HGFS component. The flaw is tracked as CVE-2025-22226 with a CVSS score of 7.1 and is classified under CWE-125. It affects the virtualization products listed above and permits leakage of memory contents from the vmx process.
A malicious actor who already possesses administrative privileges inside a virtual machine can trigger the out-of-bounds read to disclose memory belonging to the vmx process on the host. The attack requires local access to the guest but no additional user interaction, and the CVSS vector reflects that the scope change allows host memory exposure without affecting integrity or availability.
Broadcom has published a security advisory detailing the issue, and the vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, indicating that mitigation guidance and patches are available through vendor channels for affected ESXi, Workstation, and Fusion releases.
EPSS for the CVE rose from a low baseline to a recorded peak of 0.0680 on 2026-03-05 before receding to the current value of 0.0423, showing a post-disclosure increase in exploitation interest that warrants monitoring.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7605
Vulnerability details
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx…
more
process.
- CWE(s)
- KEV Date Added
- 04 March 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The out-of-bounds read in HGFS allows a VM admin to leak host vmx memory, directly facilitating Escape to Host (T1611), Exploitation for Privilege Escalation (T1068) by crossing VM boundary, and Exploitation for Credential Access (T1212) by exposing sensitive memory data.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the out-of-bounds read vulnerability in HGFS by identifying, prioritizing, and applying vendor patches to affected VMware products.
Prevents exploitation by configuring VMware systems to disable unnecessary HGFS shared folder functionality, limiting exposure to malicious VMs.
Detects the presence of the vulnerable HGFS component in VMware ESXi, Workstation, and Fusion through regular vulnerability scanning.